Attacks on businesses supporting COVID-19 response efforts double

CAMBRIDGE, Mass., February 24, 2021 /PRNewswire/ – IBM (NYSE: IBM) Security today released the X-Force 2021 Risk Index, highlighting how cyberattacks evolved in 2020 as threat actors tried to profit from the unprecedented socioeconomic, industrial and political challenges caused by the COVID-19 epidemic. In 2020, IBM Security X-Force observed attackers pivoting their attacks to industries on which global COVID-19 response efforts depended heavily, such as hospitals, medical and pharmaceutical manufacturers, and energy companies powering the COVID-19 supply chain.

According to the new report, cyberattacks on health care, manufacturing and energy doubled from the previous year, with threat actors targeting organizations that could not afford downtime because of the risk of disrupting medical efforts or emergency supply chains. In fact, manufacturing and energy were the industries most affected in 2020, second only to the finance and insurance sector. Adding to this, attackers took advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), on which manufacturing and energy depend heavily.

“In fact, the pandemic redesigned what is considered an emergency infrastructure today, and attackers took note. Many groups have been pushed to the front lines of response efforts for the first time – whether they should support the COVID-19 screening, support the vaccine and food supply chains, or introduce personal protective equipment,” said Nick Rossmann, Director of Global Risk Intelligence, IBM Security X-Force. “Attacker violence moved as the timeline of COVID-19 events unfolded, reaffirming the agility, agility and resilience of cyber enemies.”

The X-Force Risk Intelligence Index is based on insights and observations from monitoring more than 150 billion security events per day in over 130 countries. In addition, data is collected and analyzed from a number of sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.

Some of the key findings in the report include:

  • Cybercriminals accelerate the use of Linux malware – With a 40% increase in Linux-related malware families in the past year, according to Intezer, and a 500% increase in Copyrighted malware in the first six months of 2020, attackers are accelerating a migration to Linux malware, which can run more easily on different platforms, including cloud environments.
  • Pandemic drives the top spoofed brands – Amid a year of social distancing and remote work, brands that offer collaboration tools, such as Google, Dropbox and Microsoft, and online shopping brands such as Amazon and PayPal made the top 10 brands spoofed in 2020. YouTube and Facebook, on which users relied more for news consumption last year, are also at the top of the list. Surprisingly, Adidas made its debut as the seventh most spoofed brand in 2020, apparently driven by demand for the Yeezy and Superstar sneaker lines.
  • Ransomware groups cash in on a profitable business model – Ransomware was responsible for nearly one in four attacks to which X-Force responded in 2020, with attacks evolving aggressively to include double extortion tactics. Using this model, X-Force assesses that Sodinokibi, the most common ransomware group seen in 2020, had a very profitable year. X-Force conservatively estimates that the group made over $123 million in the past year, with about two-thirds of its victims paying a ransom, according to the report.

Investment in open source malware threatens cloud environments
Amid the COVID-19 pandemic, many businesses were trying to accelerate their cloud adoption. “In fact, a recent Gartner study found that nearly 70% of organizations that use cloud services today plan to increase their cloud consumption as a result of the turmoil caused by COVID-19.” 1 But with Linux currently powering 90% of cloud workloads and the X-Force report citing a 500% increase in Linux-related malware families in the last decade, cloud environments can become a major attack vector for threat actors.

With the rise in open source malware, IBM estimates that attackers may be looking for ways to improve their profit margins, possibly reducing costs, increasing efficiency and creating opportunities to scale more profitable attacks. The report highlights that several threat groups, such as APT28, APT29 and Carbanak, are turning to open source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.

The report also suggests that attackers are taking advantage of the expansive processing power provided by cloud environments, shifting the costs of heavy cloud usage onto victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.

With attackers setting their sights on clouds, X-Force suggests that organizations should consider a zero trust approach in their security strategy. Businesses should also make confidential computing a key part of their security infrastructure to help protect their most sensitive data: by encrypting data in use, organizations can help reduce the risk from a malicious actor, even if that actor gains access to their environments.

Cybercriminals disguised as well-known brands
The 2021 report shows that cybercriminals most often chose to disguise themselves as brands that consumers trust. Regarded as one of the most influential brands in the world, Adidas appeared attractive to cybercriminals trying to exploit consumer demand to drive those looking for coveted sneakers to malicious websites designed to look like legitimate sites. Once a user visited those seemingly legitimate domains, cybercriminals would try to commit online payment scams, steal users’ financial information, harvest user credentials, or infect victims’ devices with malware.

The report reveals that most Adidas spoofing is related to the Yeezy and Superstar sneaker lines. The Yeezy line alone reportedly brought in $1.3 billion in 2019 and was one of the best-selling sneakers for the sportswear manufacturing giant. Apparently, with the hype for the next sneaker release in early 2020, attackers exploited demand for the brand to make their own profit.

Ransomware dominates 2020 as the most common attack
According to the report, in 2020 the world suffered more ransomware attacks than in 2019, with nearly 60% of the ransomware attacks X-Force responded to using a double extortion strategy in which attackers encrypt and steal data and then threaten to release it if the ransom is not paid. In fact, in 2020, 36% of the data breaches X-Force tracked came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are beginning to collide.

The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22% of all ransomware incidents seen by X-Force. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid a ransom, and that about 43% had their data leaked, which X-Force estimates resulted in the group making over $123 million in the past year.

Like Sodinokibi, the report found, the most successful ransomware groups in 2020 focused on stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their work to cybercriminals who specialize in various aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations restrict access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).

Other key findings in the report include:

  • Vulnerability exploitation overtakes phishing as the most common infection vector – The 2021 report shows that the most successful way victims’ environments were accessed last year was scanning for and exploiting vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
  • Europe felt the brunt of the 2020 attacks – Accounting for 31% of the attacks X-Force responded to in 2020, according to the report, Europe received more attacks than any other region, with ransomware rising as the main culprit. In addition, Europe saw more insider threat attacks than any other region, seeing twice as many such attacks as North America and Asia combined.

The report features data IBM collected in 2020 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. To download a copy of the X-Force 2021 Risk Inventory, visit: https://www.ibm.biz/threatindex2021

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, backed by renowned IBM Security X-Force research, enables organizations to effectively manage risk and protect against emerging threats. IBM operates one of the world’s largest security research, development and delivery organizations, monitors more than 150 billion security events daily in more than 130 countries, and has been awarded more than 10,000 security patents worldwide. For more information, check out www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Media contact
Georgia Prassinos
IBM Security Media Relations

SOURCE IBM
